Oauth2 problems in Moodle 3.3

Oauth2 problems in Moodle 3.3

I just did a fresh install for Moodle 3.3 as I'm a big fan of using Oauth for authenticating my users. I used a plugin in prior versions, but since it became a core plugin in 3.3 and on, I just did a fresh install and hope to be migrating my courses soon.

I tried to recreate / update the setting at the Oauth2 services page, but as you can see in the image attached, Moodle seems to be unable to do Discovery nor connect to the System Account. I also attached my current settings. Is there anything I could do to fix this issue?

Re: Oauth2 problems in Moodle 3.3

Thanks for you reply. I did this, and it properly redirected to Google's oauth page for confirmation, etc. Then I get the same error as always about not upgrading the oauth token . I attached the image below.

Any other idea of why this is happening? The funny thing is that it was working normally, then it began raising this error message. Some users even created their accounts already, but none are being able to login and new users are unable to create new accounts.

Re: Oauth2 problems in Moodle 3.3

I just made a similar post to what I am reading here in the Authentication forum. Do you believe that your fix will solve my problem? Is this what you experienced for GoogleDrive, OneDrive, Flickr, etc? as you mentioned...

Here is my post from the other forum:

I recently upgraded from 3.1 to 3.3. After the upgrade, I am having difficulty using the file picker to pull up Google Drive.

1. File Picker opens

2. Click on Google Drive and the "Login to your account" button appears.

3. Then this screen:

...and for OneDrive...

I appreciate any suggestions or thoughts for troubleshooting this error!

...and if your fix did work, where is that screenshot from that you show to "connect the system account"?

Re: Oauth2 problems in Moodle 3.3

This error means that google is returning a HTTP code other than 200 from the request to get an access token. This could mean many things, but I would start by carefully checking your clientid and secret as well as checking the google api console for anything suspicious (bad redirect url, APIs not enabled etc).

I may try to reconfigure using another Gmail account and see what happens.. but I'd like to have some more debugging information to solve this issue. Is there anyway I could monitor messages exchanged between Moodle and Google?

Re: Oauth2 problems in Moodle 3.3

I, like you, had previously used the excellent addon/plugin for authentications to google. One of the thing I noticed had to do with getting the secret and key from google into Moodle properly. After creating an IAM in Google, you are presented with the key and secret. If I copied and pasted those into Moodle, noticed that there was a space at the start of both (key and secret) as well as a space at the end of both. That caused errors and the error came from the google end ... no way for Moodle to trap it.

Check that in the Moodle config for Google Authentication, there are no spaces before nor after the secret/key.

If you are getting google errors, you might have to share screen shots of those.

The sites I was using were NOT https but http. So am not sure that's really the reason, although now-a-days it's probably best to run https ... even though that's only a 'comfort thang' for users.

The other thing that folks might have to share about issues is some more about their systems ... Ubuntu version? What are you using for a web service on your Moodle server? Apache as what (mod/cgi) or is it Nginx?

There could also be issues with curl on your server .... from terminal might be a good idea to test using curl -I URL to Google. That's a capital "I"

To see more output ... curl -I -vvv URL to Google.

The -vvv sets verbose levels which will show every step in exchange/negotiation of the connection.

Re: Oauth2 problems in Moodle 3.3

When one begins to interface things like Google (Facebook/other) to Moodle, there are settings etc. on the other end - yeah, ok, we all know that so what's the point. Point is you might need to check everything on the other end.

TipEvery once in a while Google does send via Email to the primary account you might have used to interface Moodle with Google that ask you to check - got one of those today.

Here's the URL in case you didn't get an EMail today (you might get one in near future):

May not be a bad idea to create a System Admin Category and a System Admin course in your Moodle that's accessible only by System Admin (hidden/assign no one) and record your keys/secrets and other information. Could create a page resource of the above information and thus not have to find that message in your EMail - nor have to return to these forums to find the links.

Other than that, since 3.3 is brand spanking new, cache? On server purge cache ... might even manually purge in moodledata cache and localcache.

In the paste, before using the plugin no longer supported or it was built in, had a link in drop down menus for "Login to Google" ... pointed to accounts ... one of those links seen in the config. Try making a menu item in the theme pointed to accounts that uses new window.

Re: Oauth2 problems in Moodle 3.3

You mentioned that the account must not be the one you use on a normal basis -- why is this? In other words, how does this fail and what problems would it cause? I'm currently using it this way and trying to trouble shoot items.

I'm also not certain why it needs email confirmation followup -- i.e. why the site says "This account is pending email confirmation." I'm also in the middle of getting my email relay set up, so I'm not receiving any confirmation messages yet; I'm not certain why that's needed since other OAuth2 services don't do that.